Main Vulnerability Database SB2023050352

SB2023050352 - Remote code execution in Cisco SPA112 2-Port Phone Adapters

Published: May 3, 2023 Updated: December 19, 2024

Security Bulletin ID SB2023050352

Severity

Critical

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2023-20126)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to missing authentication within the firmware upgrade function. A remote attacker can upgrade the affected device with a specially crafted firmware and gain full control over it.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe50762